Within our software it is easy to grant access to the relevant users per client file, being either a person or object company. Starting point is to define all the user roles within your organisation and you can also grant access to relevant external parties, such as an external auditor. These roles apply to the whole software tool. In these user roles you define per activity, such as: file, issues from the questionnaire, bank accounts, bank transactions, cash and non-cash expectations, whether a role can read, create, update, destroy, approve and / or import. Per file you can now define per user which role they have within that file, and as you set these user rights per file it is therefore possible to limit access to the privacy sensitive files to a small number of employees from your staff.
Based on your internal procedures manual you can assign reviewing rights and approving rights of questions from the questionnaire, cash expectations and non-cash expectations, planned transactions and processed transactions to the relevant user(s). As these assignments to the different users are logged, you can show and prove that you have acted according to what you have described in your internal procedures manual on for instance internal reviewing (‘3 lines of defence’).
A report from our tool Raemonda showing the active users, the roles and the permissions per role can be added to your internal procedures manual.